What the DOJ’s First MEV Lawsuit Means for Ethereum

In a highly technical overview of an exploit that has since been patched, government prosecutors find that exploiting code is a crime. CoinDesk reached out to several experts in the Ethereum community to get their views on the case.

AccessTimeIconMay 15, 2024 at 8:27 p.m. UTC
Updated May 15, 2024 at 8:56 p.m. UTC

The U.S. Department of Justice charged two brothers with orchestrating an attack on Ethereum trading bots, charging them with conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering. In essence, the brothers found a way to target bots that were frontrunning transactions in a process called maximal extractable value, or MEV, which refers to the amount of money that can be bled out of the block production process by ordering transactions.

Note: The views expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates. This is an excerpt from The Node newsletter, a daily roundup of the most pivotal crypto news on CoinDesk and beyond. You can subscribe to get the full newsletter here.

MEV, which itself is controversial, can be a highly lucrative game dominated by automated bots that often comes at blockchain users’ expense, which is partially why so many in the crypto community have rushed to denounce the DOJ’s complaint. However, this is hardly a Robinhood situation, where two brothers, Anton and James Peraire-Bueno, of Bedford, Massachusetts, were stealing from the rich to give to the poor.

As indicated by the DOJ’s filing, the brothers brought in approximately $25 million in at least eight separate transactions in what, according to the DOJ, was a highly orchestrated and premeditated plot. They set up shell companies and searched for ways to safely launder funds to avoid detection. The highly technical complaint spells out the process by which the exploit occurred, which the DOJ calls “the very first of its kind.”

“They used a flaw in MEV boost to push invalid signatures to preview bundles. That gives an unfair advantage via an exploit,” former employee of the Ethereum Foundation and Flashbots Hudson Jameson told CoinDesk in an interview. Jameson added that the Peraire-Bueno brothers were also running their own validator while extracting MEV, which violates something of a gentleman’s agreement in MEV circles.

“No one else in the MEV ecosystem was doing both of those things at once that we know of,” he added. “They did more than just play by both the codified and pinky promise rules of MEV extraction.”

“It's not some kind of robin hood story as they didn't return the money to people MEVers extracted it from,” pseudonymous researcher Banteg said.

At a more technical level, the brothers were able to exploit an open-source built by MEV firm Flashbots called mev-boost that gave them an unequal view into how MEV bots were ordering transactions. (Mev-boost is an open-source protocol that allows different actors to compete to “build” the most valuable blocks by ordering transactions.)

“Having access to the block body allowed the malicious proposer to extract transactions from the stolen block and use them in their own block where it could exploit those transactions. In particular, the malicious proposer constructed their own block that broke the sandwich bots’ sandwiches up and effectively stole their money,” according to a Flashbots’ post-mortem in 2023.

In particular, and central to the DOJ’s case, is that the brothers found a way to sign false transactions in order to run the scheme. “This False Signature was designed to, and did, trick the Relay to prematurely release the content of the proposed block to the defendants, including private transaction information,” the document reads.

“The invalid header part is going to be the needle that this all balances on I think,” a crypto researcher, who asked to remain anonymous, said.

“I feel the indictment indicates that and therefore it may actually be a good thing that SDNY is verryyyy tech savvy in this and clearly layed out where they fucked up and alluded to the inevitability of MEV in blockchains,” Jameson said.

Others have also noted the technical sophistication of the DOJ’s argument, which seems to be less of an indictment of MEV or Ethereum itself than of an attempt to profit by unfairly gaining information.

“If you hope Ethereum will always be a ‘dark forest’ where on-chain predators compete with each other for arbitrage opportunities, then you probably dislike this prosecution,” Consensys General Counsel Bill Hughes told CoinDesk in an interview. “Thankfully, I think there are only a few who are actually like that. If you prefer predatory behavior like this be curtailed, which is the vast majority, then you are likely to feel the opposite.”

“All of the defendants' preparation for the attack and their completely ham-fisted attempts to cover their tracks afterwards, including extensive incriminating google searches, just helps the government prove they intended to steal. All that evidence will look very bad to a jury. I suspect they plead guilty at some point,” he added.

Still, others remain convinced that exploiting MEV bots designed to reorder transactions is fair game. “It's a little hard to sympathize with MEV bots and block builders getting f*cked over by block proposers, in the exact same way they are f*cking over end users,” the anonymous researcher said.

Jameson, for his part, said the MEV is something the Ethereum community should work to minimize on Ethereum, but that it’s a difficult problem to solve. For now, the process is “inevitable.”

“Until it can be eliminated, let's study it. Let's illuminate it. Let's minimize it. And since it does exist, let's make it as open as possible for anyone to participate with the same rules,” he said.

If there is any silver lining, the Flashbots team were able to patch the error that enabled the attack fairly quickly, Cornell Tech professor Ari Juels said.

“There are no lasting implications,” he added. “There is of course an irony in what took place: A thief stealing money from sandwich bots, which themselves exploit users in the view of many in the community.”

Edited by Benjamin Schiller.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Daniel Kuhn

Daniel Kuhn is a deputy managing editor for Consensus Magazine. He owns minor amounts of BTC and ETH.